Mike Sweetser - Adhost wrote:
> Hello,
>
> I'm attempting to set up a transparent bridge in FreeBSD 7.0 to
> eventually act as a PF/Snort box, and it needs to be VLAN aware.
> However, I don't seem to be on the right track as far as setting it up.
>
> I have, for instance, VLAN 10 that it needs to be aware of, and this
> network segment is on VLAN 10 from a switch higher up. I have the
> current setup, but once it's running, I can't ping anything. bge0 is
> the outside interface, bge1 is inside:
>
> defaultrouter="192.168.1.1"
> gateway_enable="YES"
> cloned_interfaces="bridge0 vlan0 vlan1"
> ifconfig_vlan0="vlan 10 vlandev bge0"
> ifconfig_vlan1="vlan 10 vlandev bge1"
> ifconfig_bridge0="inet 192.168.1.10 netmask 255.255.0.0 addm bge0 addm bge1 addm vlan0 addm vlan1 up"
> ifconfig_bge0="up"
> ifconfig_bge1="up"
>
> What am I doing wrong?
I'm pretty sure you *don't* want to bridge the interfaces with their parents (vlan0 shouldn't be bridged with bge0 -- if it even works, it would cause tagged packets to be untagged and retransmitted out the incoming interface (what Cisco calls the native VLAN) and vice versa). I've only bridged vlan interfaces -- not their parents. E.g.:

cloned_interfaces="bridge0 vlan190 vlan590"
ifconfig_bge0="up"
ifconfig_vlan190="vlan 190 vlandev bge1"
ifconfig_vlan590="vlan 590 vlandev bge1"
ifconfig_bridge0="addm vlan190 addm vlan590"

If you want to bridge the parents, I think it would look like this (YMMV):

cloned_interfaces="bridge0 vlan10"
ifconfig_bge0="up"
ifconfig_bge1="up"
ifconfig_bridge0="addm bge0 addm bge1"
ifconfig_vlan10="vlan 10 vlandev bridge0"

I don't know how well if_bridge(4) copes with vlan tags -- I know it breaks if you bridge a vlan(4) with a gif(4). I also don't know if a vlan interface will happily accept a bridge parent.

-- 
Chris Cowart
Network Technical Lead
Network & Infrastructure Services, RSSP-IT
UC Berkeley
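The rule Chris gives above (never put a vlan(4) interface and its vlandev parent into the same bridge) is easy to check mechanically before rebooting a box. The following is an added example, not code from either poster: a small POSIX sh checker that parses rc.conf-style ifconfig_* lines and reports any bridge member whose vlandev parent is also a member of that bridge. The two rc.conf fragments embedded in it are constructed for the demonstration (the first reproduces the original poster's setup, the second the vlan-only layout from the reply); the function names are my own and are not part of FreeBSD's rc framework.

```shell
#!/bin/sh
# check_bridge_vlan.sh (added example, not from the thread)
# Flags a bridge that contains both a vlan(4) interface and that interface's
# vlandev parent, which is the configuration the reply warns against.

# Constructed rc.conf fragment: the original poster's layout, vlan0/vlan1 bridged
# together with their parents bge0/bge1.
BAD_RCCONF='cloned_interfaces="bridge0 vlan0 vlan1"
ifconfig_vlan0="vlan 10 vlandev bge0"
ifconfig_vlan1="vlan 10 vlandev bge1"
ifconfig_bridge0="inet 192.168.1.10 netmask 255.255.0.0 addm bge0 addm bge1 addm vlan0 addm vlan1 up"
ifconfig_bge0="up"
ifconfig_bge1="up"'

# Constructed rc.conf fragment: the vlan-only bridge from the reply.
GOOD_RCCONF='cloned_interfaces="bridge0 vlan190 vlan590"
ifconfig_bge0="up"
ifconfig_vlan190="vlan 190 vlandev bge1"
ifconfig_vlan590="vlan 590 vlandev bge1"
ifconfig_bridge0="addm vlan190 addm vlan590"'

# vlandev_of <rcconf-text> <ifname>
# Prints the vlandev parent of a vlan interface, or nothing if <ifname> is not
# configured as "vlan N vlandev PARENT".
vlandev_of() {
    printf '%s\n' "$1" |
        sed -n "s/^ifconfig_$2=\"vlan [0-9]* vlandev \([A-Za-z0-9]*\)\".*/\1/p"
}

# bridge_members <rcconf-text> <bridge>
# Prints every interface named by an "addm" argument of the bridge, one per line.
bridge_members() {
    _line=$(printf '%s\n' "$1" | sed -n "s/^ifconfig_$2=\"\(.*\)\".*/\1/p")
    set -- $_line
    while [ $# -gt 1 ]; do
        if [ "$1" = addm ]; then
            printf '%s\n' "$2"
            shift
        fi
        shift
    done
}

# check_bridge <rcconf-text> <bridge>
# Returns 0 if no member's vlandev parent is also a member; otherwise prints one
# line per conflict and returns 1.
check_bridge() {
    _rc=$1
    _br=$2
    _status=0
    _members=$(bridge_members "$_rc" "$_br")
    for _m in $_members; do
        _parent=$(vlandev_of "$_rc" "$_m")
        [ -n "$_parent" ] || continue      # not a vlan(4) member, nothing to check
        for _n in $_members; do
            if [ "$_n" = "$_parent" ]; then
                echo "$_br: member $_m is a vlan on $_parent, which is also a member of $_br"
                _status=1
            fi
        done
    done
    return $_status
}

echo "original poster's config:"
check_bridge "$BAD_RCCONF" bridge0 || echo "-> rejected: vlan members bridged with their parents"
echo "vlan-only config:"
check_bridge "$GOOD_RCCONF" bridge0 && echo "-> ok"
```

To run it against a live system, replace the embedded fragments with `RCCONF=$(cat /etc/rc.conf)` and call `check_bridge "$RCCONF" bridge0` for each bridge listed in cloned_interfaces; the checker only reads rc.conf syntax and does not touch the interfaces, so it is safe to run on a production bridge before a reboot.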